Security Data Storage

Not-So-Clean Hard Drives For Sale 436

Saeed al-Sahaf writes "The Register is running a story about a security consulting company that as part of a study bought hard drives and laptops on eBay, and then was able to recover highly sensitive data including customer databases, financial information, payroll records, personnel details, login codes, and admin passwords for their secure Intranet site. This is a bit scary considering all of these drives were supposedly formatted and sold for surplus by major companies (although few of us actually use the multiple formatting standards of the DoD). Looks like it's hardly necessary for crooks to get at your private information, although I'm sure industrial espionage spooks have probably done this for awhile." Shades of the recent post about recovering sensitive contents from swap partitions.
  • Oh no... (Score:5, Funny)

    by Snad ( 719864 ) <mspace.bigfoot@com> on Tuesday June 08, 2004 @09:33PM (#9373427)

    To whoever bought my old hard drive on eBay, those pictures were all for research purposes only.

    Sincerely
    Peter Townshend

    • Re:Oh no... (Score:5, Interesting)

      by erucsbo ( 627371 ) on Tuesday June 08, 2004 @09:47PM (#9373523)
      Next time you might get more for it by advertising it as a hard drive with hidden flash.
      BTW, try doing a data recovery on some of the little flash drives that get given out as promos. A few I've seen look like they've been used by the sales staff, before being given out to clients :-)
    • Re:Oh no... (Score:5, Funny)

      by Ateryx ( 682778 ) on Tuesday June 08, 2004 @10:38PM (#9373838)
      I swear on my life, every hard drive I've gotten from a garage sale has had some sort of horse porn on it.
      After the 4th out of 5 harddrive I was scanning had horse porn I just figured it'd be better to not look anymore.
      • Re:Oh no... (Score:3, Funny)

        by Txiasaeia ( 581598 )
        Perhaps you should move away from Wisconsin, then!
      • Um... (Score:5, Funny)

        by Dwonis ( 52652 ) * on Tuesday June 08, 2004 @11:06PM (#9373974)
        Naked horses != horse porn...

        Horses don't normally wear clothes, you know.

      • Re:Oh no... (Score:5, Funny)

        by Anonymous Coward on Wednesday June 09, 2004 @04:12AM (#9375073)
        I swear on my life, every hard drive I've gotten from a garage sale has had some sort of horse porn on it.
        After the 4th out of 5 harddrive I was scanning had horse porn I just figured it'd be better to not look anymore.


        I remember my first laptop, a 386sx with vga b&w screen. It was so spiffy I wanted some pictures to show it off, any pictures would do. This was the late 1980s and the only gifs you could find on local BBSs were porn. So I got some porn. In Denny's I was asked if my computer could display pictures. I said "Sure here's an image of a woman having sex with a horse". The waitress was so impressed, the quality, the detail, yet was somewhat disgusted. So not to appear sexist, I showed her another one "here's a picture of a man having sex with a horse". She asked me if I had some pictures without horses, I had to say "No, the only pictures you can get for computers are of people and horses having sex".

      • Re:Oh no... (Score:3, Funny)

        by mikael ( 484 )
        Scary stuff indeed. I had to take our pet to our local vet. Very friendly girl, but she had all kinds of animal porn all over the walls of the waiting room; horses, cats, dogs, gerbils, even budgies!!! Even the screensaver of her PC was showing animal porn. The mind boggles...
  • Hard dives. (Score:4, Funny)

    by Raven42rac ( 448205 ) * on Tuesday June 08, 2004 @09:34PM (#9373435)
    You know, there are signs on pools for this very reason.
  • Active KillDisk (Score:3, Informative)

    by holy_smoke ( 694875 ) on Tuesday June 08, 2004 @09:34PM (#9373437)
    http://www.killdisk.com/eraser.htm

    It's worth its weight in gold.
    • Eraser (GPL) (Score:5, Informative)

      by KrisHolland ( 660643 ) on Tuesday June 08, 2004 @09:48PM (#9373526) Homepage Journal

      That is only gratis software, so you really don't know how well it works, if at all.

      A better choice is Eraser, it is GPL [gnu.org]ed.

      http://sourceforge.net/projects/eraser/ [sourceforge.net]

      You can also make a nuke boot disk with this program that automatically starts erasing everything upon start up. Don't forget to clearly label it ;).

      • by Exiler ( 589908 ) on Tuesday June 08, 2004 @10:27PM (#9373768)
        Label it? You mean, something like "Windows Installation" or "Intranet Access" and leave it laying around school?
      • Re:Eraser (GPL) (Score:3, Informative)

        by DerekLyons ( 302214 )

        That is only gratis software, so you really don't know how well it works, if at all.

        A better choice is Eraser, it is GPLed.

        Being GPL isn't much of a help here either. Whether you can truly erase a drive depends on so many low level (read: inside the drive 'black box') factors, that it's impossible to be 100% certain the disk is clean.

        Physical destruction of the disk is the best and only certain way of ensuring that critical data isn't still readable. Degaussing takes second place.

    • Re:Active KillDisk (Score:3, Informative)

      by kayen_telva ( 676872 )
      I second Eraser, or SDELETE [sysinternals.com] for scripting.
    • Re:Active KillDisk (Score:3, Informative)

      by afidel ( 530433 )
      There is no such thing as a secure deletion. To be sure that data is irretrievable you need to physically destroy the disk, which includes at least chopping up the platters and preferably melting them down. Here's a quote from the definitive paper on data recovery by Peter Gutmann: [sourceforge.net]

      For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written.
      • Re:Active KillDisk (Score:5, Informative)

        by whereiswaldo ( 459052 ) on Tuesday June 08, 2004 @11:18PM (#9374043) Journal
        Read the entire paragraph quoted from the article:

        Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM). For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive.

        So it sounds like if you are overwriting your data in the exact same physical location which it currently exists, it should be possible to make the original copy unrecoverable given enough overwrites.
        • Re:Active KillDisk (Score:5, Insightful)

          by afidel ( 530433 ) on Tuesday June 08, 2004 @11:24PM (#9374075)
          Ah, but with modern disk drives it's basically impossible to be sure that you are writing to the same physical location. The magnetic domains are so small with GMR that temperature fluctuations of just a few degrees can throw off the alignment enough to ensure that complete erasure is not possible.
  • Didn't I read about this in Jurassic Park?
  • by kiwioddBall ( 646813 ) on Tuesday June 08, 2004 @09:34PM (#9373446)
    Perhaps more useful than yet another pointless scaremongering exercise would be for the company that now owns the drives to go back to the companies that they bought them off to find out how they were erased so we could find out how not to do it, and where they were not successful in recovering info to go back to those companies to find out how they did wipe that info properly.
    The point is to learn something from it.
    • Not really, it has been long known that deleting a file doesn't wipe the contents, it just tells the system it can use the space the file occupied for another file now, and it unlinks the current file from the directory structure.

      Actually removing the contents of a file is what you need, and tools for that have been around for at least the last 20 years that I remember.

      So no, there's little to learn there, what they seem to want to point out here is that security has a lot more to do with how you think and
    • by 1u3hr ( 530656 ) on Tuesday June 08, 2004 @09:49PM (#9373542)
      Perhaps more useful than yet another pointless scaremongering exercise would be for the company that now owns the drives to go back to the companies that they bought them off to find out how they were erased

      From the wording of the story, it's not clear that the drives were erased at all -- it says 'all of had "supposedly" been "wiped-clean" or "re-formatted"', which makes it seem likely to me that this is not some high tech recovery from wiped space, but simply taking advantage of negligence. Other stories have highlighted this as a consequence of outsourcing of disposal to companies which are supposed to do this before selling them, but neglect to. A company shouldn't let a disk off the premises without wiping it themselves -- it's a trivial process, as many other posts are detailing their favorite methods I won't bother. The sad consequence is that many potentially useful machines will now be destroyed out of paranoia and contribute to computer waste

    • find out how they were erased so we could find out how not to do it, and where they were not successful in recovering info to go back to those companies to find out how they did wipe that info properly.

      Most likely it's very simple. The disks they recovered info from were not overwritten and the disks they couldn't recover information from were overwritten. A format that operates mostly in read-mode will leave most of the information intact on the disk. I have even FDISK'd, messed around with varying parti
  • by WIAKywbfatw ( 307557 ) on Tuesday June 08, 2004 @09:35PM (#9373447) Journal
    If you're really paranoid about your data then don't sell your hard drives, even if you have used US DoD-levels of formatting. Duh.

    Rather than make a few tens of dollars selling an old drive, take it apart, and burn the platters until they're nothing more than dust. Problem solved.
  • This is why... (Score:4, Insightful)

    by DaHat ( 247651 ) on Tuesday June 08, 2004 @09:35PM (#9373449)
    Personally speaking, I've never given away or sold a HD in my life... not that I'm paranoid about what might be on it, I find it a good practice to use em until they die, even if it's only a few extra gigs.
    • Re:This is why... (Score:3, Interesting)

      I'll second this, even when I get a new hard drive I usually keep the old one to back stuff up to when I'm putting a new o.s. in. Or when I feel like trying out a new distro (or new version). Plus if a drive dies on me I have a spare I can use.
      Though in this case I think we're dealing with the corporate upgrade cycle here. Usually the corporation sells off a bunch of drives in bulk to cut the cost of the upgrade or the company hired to do the upgrade takes the old drives and re-sells them to garner a few extra $$.

      Mycr
    • Re:This is why... (Score:3, Interesting)

      by Qzukk ( 229616 )
      I find it a good practice to use em until they die

      Heck, I've got every harddrive I've ever owned here, even the ones that died. Someday I'll get around to making clocks from them or maybe speakers like I saw here a long while back. Recently I had a computer start acting strange on IDE (but with an adapter, the drive worked fine on SATA in that machine) so I went through ALL the old IDE drives until I found one that actually still worked... 650MB IDE drive from Conner, if I recall correctly. That drive
  • by Papatoast ( 245525 ) on Tuesday June 08, 2004 @09:35PM (#9373452) Journal
    has taken a "hard dive".
  • not a joke (Score:2, Funny)

    by real_smiff ( 611054 )
    Step1: buy used hard drives
    Step2: ???
    Step3: profit

    let's discuss Step2

  • by Amgine007 ( 88004 ) on Tuesday June 08, 2004 @09:36PM (#9373457)
    This reminds me a lot of this story [computerworld.com].

    Simplified summary of both: buy some hard drives on eBay and you could end up with some cool data!
  • by keadie ( 676580 )
    I bought an old computer once that had a database of about 200 names, addresses, phone numbers, DOBs and SSNs. They didn't delete anything on the hard drive. It had NT on it, I just used linux to check what was on it for grits and shingles. That company is lucky that I'm not evil...any opening bids?
  • by foidulus ( 743482 ) * on Tuesday June 08, 2004 @09:37PM (#9373462)
    and say that if your company's secrets are that valuable, the safest way to get rid of hard drives is just to scrap them. Laptops are a slightly different story, but how much can one actually expect to get off an auction of an old hard drive off of ebay? By the time you figure in all the auction fees, labor to ship them etc, I would bet that the companies probably don't make that much. It might just be safer to eat the cost than to try to sell them. It all really depends on the value of your secrets.
    • Here is an idea.

      Wipe the drive and sell it (at next to nothing) to your employees. Depending on your company and the number of geeks in it - there will always be someone who wants a 4-5 year old laptop for a project. Besides, no shipping charges. In the worst case, your employees get access to the data (most of them have it anyways). You do trust your employees, right?
  • DUPE! (Score:5, Informative)

    by LostCluster ( 625375 ) * on Tuesday June 08, 2004 @09:37PM (#9373463)
    Stop, timothy... we've heard this joke before. In fact, you seem to post this same story every nine months or so.

    Circa September 2003 [slashdot.org]... nine months ago.
    Circa January 2003 [slashdot.org]... eighteen months ago.

    Then again, we've been talking about this problem for a year and a half, yet there still are people stupid enough to be selling HDs with readable data that should be kept secret on them without doing DOD-level formatting.
  • by Nicholas Evans ( 731773 ) <OwlManAtt@gmail.com> on Tuesday June 08, 2004 @09:38PM (#9373466) Homepage
    In other news, SCO recently purchased a used PC from eBay containing its IP and e-mails sent by Linus Torvalds proving that he stole SCO's IP for the linux kernel, and that he didn't actually write the linux kernel.

    What? Troll, am I? Well, it's slashdot. Someone had to poke fun at SCO. Sue me.
  • by Anonymous Coward on Tuesday June 08, 2004 @09:40PM (#9373479)
    Stories like this really scare me, but I know I'm ok - I format my hard drive with my licenced Microsoft Windows XP CD, so I know there's no sensitive data left to be found! That's one of the many benefits of running secure and professionally developed software like windows.
  • by Anonymous Coward
    to sell old hard drives on eBay? I would think the cost of handling the entire transaction would cost more than the selling price of some old drive.

    My organization disassembles the drives and incinerates the platters. I'd like to see anyone get data from them.
  • by Anonymous Coward on Tuesday June 08, 2004 @09:41PM (#9373491)
    - Get a Torx screwdriver set from your local hardware store.

    - Open the hd. Save the cool looking screws.

    - Turn the platters into coasters.

    - Just make sure you don't hurt yourself when playing with the magnets.

  • by kidMike ( 627686 ) on Tuesday June 08, 2004 @09:42PM (#9373492) Homepage
    Maybe someone bought the old hard drives from a /. server, grabbed the admin passwords for the site, and keeps posting the old articles they recover! It makes perfect sense. Surely the admins can't keep making these mistakes over and over... err, nebbermind. kM
  • by ejaw5 ( 570071 ) on Tuesday June 08, 2004 @09:42PM (#9373497)
    Perhaps advice for anyone planning to let go of a hard drive:

    Use the shred utility, with a good number of iterations (25 sounds good). Go to the root directory and issue
    shred -n 25 -u -v *

    Then when you're done with that, low level format the drive using a disk utility such as the ones that come with Maxtors and Western Digital drives.
    • You would probably be better off running shred on the device file: "shred -v /dev/hdb", or whatever. Your method has trouble on journaled filesystems, and will leave information like filenames and directory structure around.
  • by infolib ( 618234 ) on Tuesday June 08, 2004 @09:46PM (#9373513)
    What they should have used: Secure Harddisk Eraser [linux-kurser.dk]

    The Secure harddisk eraser is a Linux boot floppy that overwrites your drive with random bits. Comes in a 3-pass and a 35-pass version. Insert, boot, wait for beep. Free as in GPL.
  • shred floppy (Score:4, Interesting)

    by wirzcat ( 221710 ) on Tuesday June 08, 2004 @09:48PM (#9373527)
    http://staff.washington.edu/jdlarios/autoclave/

    Works like a charm. And it has various levels of paranoia to choose from.
  • by sabinm ( 447146 ) on Tuesday June 08, 2004 @09:49PM (#9373539) Homepage Journal
    Happened to me once. My brother in law worked for a Large Multinational Bank and he knew that I liked old computer junk. So he gave me a bunch of old 2/3/486 computers that were surplused from his job. They gave them to him because they didn't know how to get rid of them. Here was the catch . . . they didn't even format the things.

    So I had their FedEx programs, account numbers, their in-house banking programs and a sweet little windows 3.1 interface. Needless to say I disposed of the information properly. But I told my brother in law. He said "Oh, really" and just forgot about it. Go figure.

    It is far too easy for those who would take advantage of sensitive information to exploit it for their own gain. They are quite fortunate someone like me got their hard drives and not someone bent on robbing them blind.
  • by dan.hunt ( 613949 ) on Tuesday June 08, 2004 @09:51PM (#9373553) Journal
    Real method of the Canadian Armed Forces:
    1. remove drive from machine,
    2. remove screws from drive,
    3. split HD case open,
    4. smash to bits.
    No data leaks. Really! Kind of brings a tear to the eye of the guy with the screwdriver and hammer though.
  • We break them! (Score:4, Interesting)

    by MightyJB ( 685090 ) on Tuesday June 08, 2004 @10:20PM (#9373722)
    I work for a large manufacturing company in the US. The facility I'm in has an interesting approach. First they format... Then they drop a 20 pound weight on it. Usually a few times. I'm sure if someone really wanted the data they could get it, but it raises the bar a little.
  • by pyrrhonist ( 701154 ) on Tuesday June 08, 2004 @10:24PM (#9373749)
    15 Microsoft PowerPoint presentations containing highly sensitive company information.

    Well, that's BS. Nothing even remotely important gets put into a PowerPoint presentation.

    I know, I've been to meetings. God, have I been to meetings...

  • by Gunfighter ( 1944 ) on Tuesday June 08, 2004 @10:32PM (#9373798)
    I was lucky enough to never have to worry about this sort of problem when I worked for Uncle Sam. We had to take the actual platters out of our discarded hard disks and grind them down with a belt sander. No recycling either. Once we had a pile of dust, we had to dump the remains in a drum of some sort of acidic crap (usually used to destroy reams of sensitive print material). I always found it funny to see a few nice, shiny disks in the bottom of the safe with a classification label on them awaiting their demise.

    Perhaps there's money to be made in performing this sort of destructive service for banks and other entities handling sensitive customer information.
  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Tuesday June 08, 2004 @10:33PM (#9373802)
    Comment removed based on user account deletion
  • by Chip7 ( 587423 ) on Tuesday June 08, 2004 @10:45PM (#9373881)
    I work in a police force environment. They have a strict policy on hard drives: No hard drive ever leaves the HQ, unless it is sealed in its original bag or to be used by an employee. If a PC or laptop has to be shipped to be repaired, we remove the drives. When we give our PCs to charity, they're HDless. Even faulty drives aren't thrown away. They're kept until someone decides to head to the incinerator and throw'em in themselves. Even if they're under warranty (and need to be returned to be honored) we don't. We buy a new drive and that's it!

    It'd figure other industries would do the same. Heck it's your business, your data, your life (well, only of part of it hopefully!) you have on these disk. Why bother with selling them? To get 20$ 50$? The way i see it, selling hard drives is equal to selling random filing cabinet without making sure they're empty.

    slightly off-topic side note:
    Some officers here are so tight about security: One of our techs went out to replace a fried power supply. When walking out with the roasted one, one guy asked: "Hey couldn't there be data on there?" the tech answered a polite "no" with a smile. The guy handed him a pair of cutters and said: "Well why don't you cut off those wires just to make sure" !! :-D
    /slightly off-topic side note

  • Government (Score:3, Interesting)

    by oneshot47 ( 786651 ) on Tuesday June 08, 2004 @10:48PM (#9373894)
    My dad did computer forensics for 10 years in the air force and I know for a fact that it takes a lot of work to completely format a drive. Even measures that people take to destroy a drive (i.e. drilling a hole thru the platters) aren't entirely effective. With the right tools you can recover data from all but the most carefully destroyed or formatted drives.
  • by Trogre ( 513942 ) on Tuesday June 08, 2004 @11:03PM (#9373952) Homepage
    Put in knoppix CD

    for (( i=1; i<20; i++ )); do
    # Do something to seed random number generator, probably involving the clock
    echo Erasing cycle $i;
    dd if=/dev/urandom of=/dev/hda;
    done

  • The chinese army... (Score:5, Interesting)

    by Trogre ( 513942 ) on Tuesday June 08, 2004 @11:10PM (#9374007) Homepage
    ... had this problem with military laptops. What to do if they get invaded and need to dump their data before getting captured lest their tactical data fall into enemy hands?

    They tried hotkey combinations, which would trigger a script to delete the hard drive, but they were either too complex to remember, or too easy to accidentally hit.

    In the end, they painted a big red 'X' on the underside of the laptop right where the hard drive sits, and instructed the operator "point gun here".

  • by Anonymous Coward on Wednesday June 09, 2004 @01:39AM (#9374622)
    This guy [ucsd.edu] who does research on hard drive technology gives away a freeware Secure Erase HDDerase utility [ucsd.edu] that just calls the HARDWARE-BASED Secure Erase capability that is ALREADY BUILT INTO all recent ATA-type hard drives!

    We just need to figure out how to get Linux/*BSD/*NIX/Apple/Microsoft to make this an option at the OS or fdisk/format/Disk Utility/Volume Manager utility level so we can all use it easily.
  • by syousef ( 465911 ) on Wednesday June 09, 2004 @01:50AM (#9374649) Journal
    ...taking out screws, carefully making coasters.....blah blah bleh!

    I had a 40GB hard disk that I'd paid a bit more for at the time because it was from a large reliable company (which I won't name) and had decent performance. It had a short life - maybe 2 years before it started playing up. Within 3 or 4 it was unusable even as a backup disk.

    I took a great deal of pleasure in "opening it up" with a hammer. The screws were star shaped (torque screws??). The platter actually shattered into dust and some larger shards. Don't know how safe it was doing this in my backyard, but it was a lot of fun. (Remember the scene from Office Space where they smashed the printer into tiny bits). Good therapy.
  • by bani ( 467531 ) on Wednesday June 09, 2004 @02:42AM (#9374843)
    ...I buy used DLT-IV tapes off ebay and found a lot of uhm, "interesting" stuff on some of them.

    About 1 out of 10 tapes I buy has stuff like source code for commercial closed source applications, confidential customer data, etc.

    It's scary how lax people are with this shit.
  • interesting question (Score:4, Interesting)

    by ajs318 ( 655362 ) <sd_resp2@earthsh ... minus herbivore> on Wednesday June 09, 2004 @05:20AM (#9375247)
    It takes just two overwrites with really random data to remove data forever. Magnetism is a hysteresis loop phenomenon {think of a spring toggle; it will only move if you push it hard enough, then the same spring you were fighting against snaps it into its new position}. There is a slight difference between a "1 that used to be a 0" and a "1 that was always a 1", and there's a corresponding slight difference between a "0 that always was a 0" and a "0 that used to be a 1" -- but that, by design, isn't apparent to the disk read head. (Think: the same few hundred MB of disk get repeatedly overwritten when it's used as a swapfile. Data surviving overwrites would lead to all manner of reliability problems.)

    You can usually get some fairly random data from /dev/dsp - if all the inputs are turned up full whack with nothing plugged into them, then you will get a nice mix of static and power hum that ought not to contain any discernible pattern.

    A "1 that used to be a 0, and before that a 1" and a "1 that used to be a 0, and before that a 0" are almost certainly indistinguishable. One write ago you might be able to recover, but two writes ago you haven't got much chance. Perhaps if you extracted the platters, you might be able to find some remnants of data on them ..... but you'd have to do a lot of work to reconstruct it. Unless you struck gold straight away, you'd have to wade through a hell of a lot of crap reconstructing the drive's own low level structure and the OS's file format before you work out what order the recovered zeros and ones should even go in.

    Once the data is as close to unrecoverable as won't make much difference, any extra effort you make is wasted. Sure, there are going to be one or two gems out there; but most people's data isn't that valuable, or can be had elsewhere for less effort. Think about it: Names and addresses are published in phone books and electoral registers. Identity numbers / SSNs are not secret. Nor are bank account numbers -- they're on every cheque you write. Credit card numbers are only valid for two years. Medical records of strangers are an interesting read, but not terrifically useful for anything interesting. If you're utterly paranoid, it might be worth doing partial random writes before storing any data on a new drive -- so if someone really can determine the first thing ever written to the drive, it would be nonsense. "Underwrite" each sector a random number of times, of course. Of course, if you have an encrypted file system, only the encryption key need be erased securely.

    So, having applied the laws of physics and seen that getting rid of data isn't that hard (and could be implemented almost trivially at the OS level; but not being able to recover data might conceivably be worse than being able to recover it, what with everyone getting used to the idea of a magical 'undo' button), let's turn the question around and look at it from the other side:

    Who gets fat on persuading people that they need to physically destroy used hard disk drives? And why? Let's see .....
    • Hard drive manufacturers - they will obviously sell more new drives if people can't buy second-hand ones.
    • Data recovery companies - they make money persuading people they can recover data from anything.
    • Secure data disposal consultants - they can charge big money under the colour of authority.
    • The Government - misinforming the populace is a centuries-old tradition. Documenting a data disposal procedure that is actually overkill might suggest to the Enemy that you have the technology to recover from anything less.

    Anyway, if recovering overwritten data really worked -- or even only half-worked -- someone would, by now, have tried to use it for a "drive space expander" utility. The kind of thing that would probably be advertised by SPAM.
  • Misconception (Score:3, Interesting)

    by ThisIsFred ( 705426 ) on Wednesday June 09, 2004 @10:04AM (#9377202) Journal
    This is a bit scary considering all of these drives were supposedly formatted and sold for surplus by major companies (although few of us actually use the multiple formatting standards of the DoD)
    This one sentence explains it all. You can format it a thousand times, but the data will still be intact. Formatting (as the term applies to modern OSes) just clears out the areas of the disk that contain entries pointing to the actual blocks of data, unless it's low-level formatting, (which I don't recommend you do).

    That's sad. Professional techs don't know the difference. I understood the difference when I was a child, so I guess it's true that "professional" only means "I get paid". The correct procedure is to overwrite every bit of data on the disk, multiple times. Nine times, twelve times if you're really paranoid. No special software needed if you've got Unix/BSD/Linux around.

    cat /dev/zero > /dev/whatever
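
Added example, not part of any comment in this thread: a shell sketch of the format-versus-overwrite distinction discussed above, with a check that an overwrite actually reached every block. It works only on a scratch image file; the function names and marker strings are constructed for illustration, and the "quick format" is modeled as rewriting only the first block.

```shell
#!/bin/sh
# Added example (not from any comment above). Runs only against a scratch
# image file; every marker string below is constructed sample data.
BLOCK=4096

# Build a constructed "used drive": block 0 holds a directory-style entry,
# block $3 holds the file contents it points to, everything else is zero.
make_sample_image() {   # $1=path  $2=total blocks  $3=data block index
    dd if=/dev/zero of="$1" bs="$BLOCK" count="$2" 2>/dev/null
    printf 'DIRENT payroll.db -> block %s (constructed)' "$3" |
        dd of="$1" bs="$BLOCK" seek=0 conv=notrunc 2>/dev/null
    printf 'PAYROLL-RECORD-CONSTRUCTED-SAMPLE' |
        dd of="$1" bs="$BLOCK" seek="$3" conv=notrunc 2>/dev/null
}

# Number of BLOCK-sized blocks in the image (rounded up).
image_blocks() {
    ib_size=$(wc -c < "$1")
    echo $(( (ib_size + BLOCK - 1) / BLOCK ))
}

# Model of a quick format: only the metadata block is rewritten,
# the data blocks are never touched.
quick_format() {
    dd if=/dev/zero of="$1" bs="$BLOCK" count=1 conv=notrunc 2>/dev/null
}

# Full overwrite: zeros over every block, bounded to the image size
# (the file-backed equivalent of `cat /dev/zero > /dev/whatever`).
full_overwrite() {
    dd if=/dev/zero of="$1" bs="$BLOCK" count="$(image_blocks "$1")" \
        conv=notrunc 2>/dev/null
}

# Count of bytes in the image that are not 0x00; 0 means fully zeroed.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Print the index of every block that still holds non-zero data.
dirty_blocks() {
    db_total=$(image_blocks "$1")
    db_i=0
    while [ "$db_i" -lt "$db_total" ]; do
        db_n=$(dd if="$1" bs="$BLOCK" skip="$db_i" count=1 2>/dev/null |
               tr -d '\000' | wc -c | tr -d ' ')
        if [ "$db_n" -gt 0 ]; then echo "$db_i"; fi
        db_i=$((db_i + 1))
    done
}

# Walk through the three states and report what is still readable.
demo() {
    demo_img=$(mktemp)
    make_sample_image "$demo_img" 16 5
    echo "fresh image, dirty blocks:  $(dirty_blocks "$demo_img" | tr '\n' ' ')"
    quick_format "$demo_img"
    echo "after quick format:         $(dirty_blocks "$demo_img" | tr '\n' ' ')"
    full_overwrite "$demo_img"
    echo "after full overwrite bytes: $(nonzero_bytes "$demo_img")"
    rm -f "$demo_img"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo` to see the three states. A zero-fill is used so the result can be checked byte for byte; a random-data pass would need a different verification step.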
